GDPR Short Guide for Schools

What is it?

The GDPR (otherwise known as the EU General Data Protection Regulation 2016) came into effect on 25 May 2018. It is designed to protect and empower European citizens with regard to the handling of their personal data. It enhances people's rights and places greater obligations and sanctions on organisations.

The UK's Data Protection Act 2018 provides additional duties and is supplementary to the GDPR. UK organisations will still be required to comply with the GDPR when the UK leaves the European Union.

Who does it apply to?

It applies to schools and other organisations that handle personal data.

Key Areas for Schools

Data Breaches

There are new requirements to investigate and notify the Information Commissioner's Office (ICO) and data subjects about data breaches. Don't be caught out!

Compensation and Fines

Data subjects have the right to receive compensation if they suffer damage or distress as a result of a breach involving their data, and organisations can be fined up to £17.5 million!

Data Protection Officers

Schools must appoint a Data Protection Officer, who can be an employee or an external person to whom the role is outsourced.


There are tighter rules around obtaining consent from adults and children.

Citizens' Rights

People have new and enhanced rights. Here's a short overview of some of them.

Obligations for Schools

There are several new obligations for schools to fulfil under the GDPR.

Firebird Data Protection Consultancy